@adonisjs/session 8.0.0-next.1 → 8.0.0-next.2

package/build/commands/commands.json

@@ -0,0 +1 @@
+{"commands":[{"commandName":"make:session-table","description":"Create a migration for the sessions database table","help":"","namespace":"make","aliases":[],"flags":[],"args":[],"options":{},"filePath":"make_session_table.js"}],"version":1}

package/build/commands/main.d.ts

@@ -0,0 +1,4 @@
+import { CommandMetaData, Command } from '@adonisjs/ace/types';
+
+export function getMetaData(): Promise<CommandMetaData[]>
+export function getCommand(metaData: CommandMetaData): Promise<Command | null>

package/build/commands/main.js

@@ -0,0 +1,36 @@
+import { readFile } from 'node:fs/promises'
+
+/**
+ * In-memory cache of commands after they have been loaded
+ */
+let commandsMetaData
+
+/**
+ * Reads the commands from the "./commands.json" file. Since, the commands.json
+ * file is generated automatically, we do not have to validate its contents
+ */
+export async function getMetaData() {
+  if (commandsMetaData) {
+    return commandsMetaData
+  }
+
+  const commandsIndex = await readFile(new URL('./commands.json', import.meta.url), 'utf-8')
+  commandsMetaData = JSON.parse(commandsIndex).commands
+
+  return commandsMetaData
+}
+
+/**
+ * Imports the command by lookingup its path from the commands
+ * metadata
+ */
+export async function getCommand(metaData) {
+  const commands = await getMetaData()
+  const command = commands.find(({ commandName }) => metaData.commandName === commandName)
+  if (!command) {
+    return null
+  }
+
+  const { default: commandConstructor } = await import(new URL(command.filePath, import.meta.url).href)
+  return commandConstructor
+}

package/build/commands/make_session_table.d.ts

@@ -0,0 +1,9 @@
+import { BaseCommand } from '@adonisjs/core/ace';
+/**
+ * Command to create the sessions table migration
+ */
+export default class MakeSessionTable extends BaseCommand {
+    static commandName: string;
+    static description: string;
+    run(): Promise<void>;
+}

package/build/commands/make_session_table.js

@@ -0,0 +1,13 @@
+import { t as stubsRoot } from "../main-kn40V-hF.js";
+import { BaseCommand } from "@adonisjs/core/ace";
+var MakeSessionTable = class extends BaseCommand {
+	static commandName = "make:session-table";
+	static description = "Create a migration for the sessions database table";
+	async run() {
+		await (await this.createCodemods()).makeUsingStub(stubsRoot, "make/migration/sessions.stub", { migration: {
+			tableName: "sessions",
+			prefix: Date.now()
+		} });
+	}
+};
+export { MakeSessionTable as default };

package/build/{cookie-aLBno-zS.js → cookie--JOJxrtW.js}

@@ -1,4 +1,4 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
 var CookieStore = class {
 	#ctx;
 	#config;

package/build/database-vbrhCOPd.js

@@ -0,0 +1,86 @@
+import { t as debug_default } from "./debug-BZVg83L1.js";
+import string from "@poppinss/utils/string";
+import { MessageBuilder } from "@adonisjs/core/helpers";
+var DatabaseStore = class {
+	#client;
+	#tableName;
+	#ttlSeconds;
+	#gcProbability;
+	constructor(client, age, options) {
+		this.#client = client;
+		this.#tableName = options?.tableName ?? "sessions";
+		this.#ttlSeconds = string.seconds.parse(age);
+		this.#gcProbability = options?.gcProbability ?? 2;
+		debug_default("initiating database store");
+	}
+	async #collectGarbage() {
+		if (this.#gcProbability <= 0) return;
+		if (Math.random() * 100 < this.#gcProbability) {
+			debug_default("database store: running garbage collection");
+			const expiredBefore = new Date(Date.now());
+			await this.#client.from(this.#tableName).where("expires_at", "<=", expiredBefore).delete();
+		}
+	}
+	#parseSessionData(contents, sessionId) {
+		try {
+			return new MessageBuilder().verify(contents, sessionId);
+		} catch {
+			return null;
+		}
+	}
+	async read(sessionId) {
+		debug_default("database store: reading session data %s", sessionId);
+		const row = await this.#client.from(this.#tableName).where("id", sessionId).first();
+		if (!row) return null;
+		const expiresAt = new Date(row.expires_at).getTime();
+		if (Date.now() > expiresAt) {
+			await this.destroy(sessionId);
+			return null;
+		}
+		return this.#parseSessionData(row.data, sessionId);
+	}
+	async write(sessionId, values) {
+		debug_default("database store: writing session data %s, %O", sessionId, values);
+		const message = new MessageBuilder().build(values, void 0, sessionId);
+		const expiresAt = new Date(Date.now() + this.#ttlSeconds * 1e3);
+		await this.#client.insertQuery().table(this.#tableName).insert({
+			id: sessionId,
+			data: message,
+			expires_at: expiresAt
+		}).knexQuery.onConflict("id").merge(["data", "expires_at"]);
+		await this.#collectGarbage();
+	}
+	async destroy(sessionId) {
+		debug_default("database store: destroying session data %s", sessionId);
+		await this.#client.from(this.#tableName).where("id", sessionId).delete();
+	}
+	async touch(sessionId) {
+		debug_default("database store: touching session data %s", sessionId);
+		const expiresAt = new Date(Date.now() + this.#ttlSeconds * 1e3);
+		await this.#client.from(this.#tableName).where("id", sessionId).update({ expires_at: expiresAt });
+	}
+	async tag(sessionId, userId) {
+		debug_default("database store: tagging session %s with user %s", sessionId, userId);
+		const data = new MessageBuilder().build({}, void 0, sessionId);
+		const expiresAt = new Date(Date.now() + this.#ttlSeconds * 1e3);
+		await this.#client.insertQuery().table(this.#tableName).insert({
+			id: sessionId,
+			user_id: userId,
+			data,
+			expires_at: expiresAt
+		}).knexQuery.onConflict("id").merge(["user_id"]);
+	}
+	#rowToTaggedSession(row) {
+		const data = this.#parseSessionData(row.data, row.id);
+		if (!data) return null;
+		return {
+			id: row.id,
+			data
+		};
+	}
+	async tagged(userId) {
+		debug_default("database store: getting sessions tagged with user %s", userId);
+		return (await this.#client.from(this.#tableName).select("id", "data").where("user_id", userId).where("expires_at", ">", /* @__PURE__ */ new Date())).map((row) => this.#rowToTaggedSession(row)).filter((session) => session !== null);
+	}
+};
+export { DatabaseStore };

package/build/{dynamodb-CU8BrQfU.js → dynamodb-BFVgTQSf.js}

@@ -1,4 +1,4 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
 import string from "@adonisjs/core/helpers/string";
 import { MessageBuilder } from "@adonisjs/core/helpers";
 import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";

package/build/factories/main.js

@@ -1,8 +1,10 @@
-import "../session-CBqhcnvJ.js";
-import { t as defineConfig } from "../session-Cc1LPXRc.js";
-import "../debug-Ba-0Cgn9.js";
-import "../values_store-smX0sQBJ.js";
-import { t as SessionMiddleware } from "../session_middleware-CS0R7hmq.js";
+import "../session-C9DdRahS.js";
+import "../main-kn40V-hF.js";
+import { t as defineConfig } from "../session-Cb9-DoMh.js";
+import "../debug-BZVg83L1.js";
+import "../values_store-CvR1Sn37.js";
+import "../session_collection-CvS5yIq6.js";
+import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
 import { Emitter } from "@adonisjs/core/events";
 import { AppFactory } from "@adonisjs/core/factories/app";
 var SessionMiddlewareFactory = class {

package/build/{file-CNxCs957.js → file-BBU02j4z.js}

@@ -1,4 +1,4 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
 import string from "@adonisjs/core/helpers/string";
 import { MessageBuilder } from "@adonisjs/core/helpers";
 import { dirname, join } from "node:path";

package/build/index.d.ts

@@ -11,4 +11,5 @@ export { configure } from './configure.ts';
 export { Session } from './src/session.ts';
 export { stubsRoot } from './stubs/main.ts';
 export { defineConfig, stores } from './src/define_config.ts';
+export { SessionCollection } from './src/session_collection.ts';
 export { ReadOnlyValuesStore, ValuesStore } from './src/values_store.ts';

package/build/index.js

@@ -1,5 +1,7 @@
-import { n as errors_exports, t as Session } from "./session-CBqhcnvJ.js";
-import { i as stubsRoot, n as stores, r as configure, t as defineConfig } from "./session-Cc1LPXRc.js";
-import "./debug-Ba-0Cgn9.js";
-import { n as ValuesStore, t as ReadOnlyValuesStore } from "./values_store-smX0sQBJ.js";
-export { ReadOnlyValuesStore, Session, ValuesStore, configure, defineConfig, errors_exports as errors, stores, stubsRoot };
+import { r as errors_exports, t as Session } from "./session-C9DdRahS.js";
+import { t as stubsRoot } from "./main-kn40V-hF.js";
+import { n as stores, r as configure, t as defineConfig } from "./session-Cb9-DoMh.js";
+import "./debug-BZVg83L1.js";
+import { n as ValuesStore, t as ReadOnlyValuesStore } from "./values_store-CvR1Sn37.js";
+import { t as SessionCollection } from "./session_collection-CvS5yIq6.js";
+export { ReadOnlyValuesStore, Session, SessionCollection, ValuesStore, configure, defineConfig, errors_exports as errors, stores, stubsRoot };

package/build/main-kn40V-hF.js

@@ -0,0 +1,2 @@
+const stubsRoot = import.meta.dirname;
+export { stubsRoot as t };

package/build/make/migration/sessions.stub

@@ -0,0 +1,26 @@
+{{{
+  exports({
+    to: app.makePath(
+      'database/migrations',
+      `${migration.prefix}_create_${migration.tableName}_table.ts`
+    )
+  })
+}}}
+import { BaseSchema } from '@adonisjs/lucid/schema'
+
+export default class extends BaseSchema {
+  protected tableName = '{{ migration.tableName }}'
+
+  async up() {
+    this.schema.createTable(this.tableName, (table) => {
+      table.string('id').primary()
+      table.text('data').notNullable()
+      table.string('user_id').nullable().index()
+      table.timestamp('expires_at').notNullable().index()
+    })
+  }
+
+  async down() {
+    this.schema.dropTable(this.tableName)
+  }
+}

package/build/providers/session_provider.d.ts

@@ -23,6 +23,7 @@ declare module '@adonisjs/core/types' {
  * AdonisJS application
  */
 export default class SessionProvider {
+    #private;
     protected app: ApplicationService;
     constructor(app: ApplicationService);
     /**
@@ -31,7 +32,7 @@ export default class SessionProvider {
      */
     protected registerEdgePlugin(): Promise<void>;
     /**
-     * Registering muddleware
+     * Registering bindings
      */
     register(): void;
     /**

package/build/providers/session_provider.js

@@ -1,7 +1,8 @@
-import "../session-CBqhcnvJ.js";
-import "../debug-Ba-0Cgn9.js";
-import "../values_store-smX0sQBJ.js";
-import { t as SessionMiddleware } from "../session_middleware-CS0R7hmq.js";
+import "../session-C9DdRahS.js";
+import "../debug-BZVg83L1.js";
+import "../values_store-CvR1Sn37.js";
+import { t as SessionCollection } from "../session_collection-CvS5yIq6.js";
+import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
 import { RuntimeException } from "@adonisjs/core/exceptions";
 import { configProvider } from "@adonisjs/core";
 var SessionProvider = class {
@@ -15,12 +16,18 @@ var SessionProvider = class {
 			edge.default.use(edgePluginSession);
 		}
 	}
+	async #resolveConfig() {
+		const sessionConfigProvider = this.app.config.get("session", {});
+		const config = await configProvider.resolve(this.app, sessionConfigProvider);
+		if (!config) throw new RuntimeException("Invalid \"config/session.ts\" file. Make sure you are using the \"defineConfig\" method");
+		return config;
+	}
 	register() {
 		this.app.container.singleton(SessionMiddleware, async (resolver) => {
-			const sessionConfigProvider = this.app.config.get("session", {});
-			const config = await configProvider.resolve(this.app, sessionConfigProvider);
-			if (!config) throw new RuntimeException("Invalid \"config/session.ts\" file. Make sure you are using the \"defineConfig\" method");
-			return new SessionMiddleware(config, await resolver.make("emitter"));
+			return new SessionMiddleware(await this.#resolveConfig(), await resolver.make("emitter"));
+		});
+		this.app.container.singleton(SessionCollection, async () => {
+			return new SessionCollection(await this.#resolveConfig());
 		});
 	}
 	async boot() {

package/build/redis-D8D9UtiD.js

@@ -0,0 +1,91 @@
+import { t as debug_default } from "./debug-BZVg83L1.js";
+import string from "@adonisjs/core/helpers/string";
+import { MessageBuilder } from "@adonisjs/core/helpers";
+var RedisStore = class {
+	#connection;
+	#ttlSeconds;
+	constructor(connection, age) {
+		this.#connection = connection;
+		this.#ttlSeconds = string.seconds.parse(age);
+		debug_default("initiating redis store");
+	}
+	#processSessionResult(options) {
+		if (!options.contents) return {
+			session: null,
+			isInvalid: true
+		};
+		const data = this.#parseSessionData(options.contents, options.sessionId);
+		if (!data) return {
+			session: null,
+			isInvalid: true
+		};
+		return {
+			session: {
+				id: options.sessionId,
+				data
+			},
+			isInvalid: false
+		};
+	}
+	async #fetchSessionContents(sessionIds) {
+		const pipeline = this.#connection.pipeline();
+		sessionIds.forEach((sessionId) => pipeline.get(sessionId));
+		return (await pipeline.exec())?.map((result) => result[1]) ?? [];
+	}
+	async #cleanupInvalidSessions(userId, invalidSessionIds) {
+		if (invalidSessionIds.length === 0) return;
+		await this.#connection.srem(this.#getTagKey(userId), ...invalidSessionIds);
+	}
+	#getTagKey(userId) {
+		return `session_tag:${userId}`;
+	}
+	#parseSessionData(contents, sessionId) {
+		try {
+			return new MessageBuilder().verify(contents, sessionId);
+		} catch {
+			return null;
+		}
+	}
+	async read(sessionId) {
+		debug_default("redis store: reading session data %s", sessionId);
+		const contents = await this.#connection.get(sessionId);
+		if (!contents) return null;
+		try {
+			return new MessageBuilder().verify(contents, sessionId);
+		} catch {
+			return null;
+		}
+	}
+	async write(sessionId, values) {
+		debug_default("redis store: writing session data %s, %O", sessionId, values);
+		const message = new MessageBuilder().build(values, void 0, sessionId);
+		await this.#connection.setex(sessionId, this.#ttlSeconds, message);
+	}
+	async destroy(sessionId) {
+		debug_default("redis store: destroying session data %s", sessionId);
+		await this.#connection.del(sessionId);
+	}
+	async touch(sessionId) {
+		debug_default("redis store: touching session data %s", sessionId);
+		await this.#connection.expire(sessionId, this.#ttlSeconds);
+	}
+	async tag(sessionId, userId) {
+		debug_default("redis store: tagging session %s with user %s", sessionId, userId);
+		await this.#connection.sadd(this.#getTagKey(userId), sessionId);
+	}
+	async tagged(userId) {
+		debug_default("redis store: getting sessions tagged with user %s", userId);
+		const sessionIds = await this.#connection.smembers(this.#getTagKey(userId));
+		if (sessionIds.length === 0) return [];
+		const contents = await this.#fetchSessionContents(sessionIds);
+		const results = sessionIds.map((sessionId, index) => this.#processSessionResult({
+			sessionId,
+			contents: contents[index]
+		}));
+		const validSessions = results.filter((r) => r.session !== null).map((r) => r.session);
+		const invalidSessionIds = results.map((result, index) => result.isInvalid ? sessionIds[index] : null).filter((id) => id !== null);
+		await this.#cleanupInvalidSessions(userId, invalidSessionIds);
+		return validSessions;
+	}
+};
+export { RedisStore };

package/build/{session-CBqhcnvJ.js → session-C9DdRahS.js}

@@ -1,5 +1,5 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
-import { n as ValuesStore, t as ReadOnlyValuesStore } from "./values_store-smX0sQBJ.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
+import { n as ValuesStore, t as ReadOnlyValuesStore } from "./values_store-CvR1Sn37.js";
 import "node:module";
 import { createError } from "@adonisjs/core/exceptions";
 import { randomUUID } from "node:crypto";
@@ -17,10 +17,12 @@ var __export = (all, symbols) => {
 };
 var errors_exports = /* @__PURE__ */ __export({
 	E_SESSION_NOT_MUTABLE: () => E_SESSION_NOT_MUTABLE,
-	E_SESSION_NOT_READY: () => E_SESSION_NOT_READY
+	E_SESSION_NOT_READY: () => E_SESSION_NOT_READY,
+	E_SESSION_TAGGING_NOT_SUPPORTED: () => E_SESSION_TAGGING_NOT_SUPPORTED
 });
 const E_SESSION_NOT_MUTABLE = createError("Session store is in readonly mode and cannot be mutated", "E_SESSION_NOT_MUTABLE", 500);
 const E_SESSION_NOT_READY = createError("Session store has not been initiated. Make sure you have registered the session middleware", "E_SESSION_NOT_READY", 500);
+const E_SESSION_TAGGING_NOT_SUPPORTED = createError("Session store does not support tagging. Use memory, redis, or database store instead", "E_SESSION_TAGGING_NOT_SUPPORTED", 500);
 var Session = class extends Macroable {
 	#store;
 	#emitter;
@@ -161,6 +163,10 @@ var Session = class extends Macroable {
 	reflashExcept(keys) {
 		this.#getFlashStore("write").set("reflashed", lodash.omit(this.flashMessages.all(), keys));
 	}
+	async tag(userId) {
+		if (!("tag" in this.#store)) throw new E_SESSION_TAGGING_NOT_SUPPORTED();
+		await this.#store.tag(this.#sessionId, userId);
+	}
 	regenerate() {
 		this.#sessionId = randomUUID();
 	}
@@ -206,4 +212,4 @@ var Session = class extends Macroable {
 		this.#emitter.emit("session:committed", { session: this });
 	}
 };
-export { errors_exports as n, Session as t };
+export { E_SESSION_TAGGING_NOT_SUPPORTED as n, errors_exports as r, Session as t };

package/build/{session-Cc1LPXRc.js → session-Cb9-DoMh.js}

@@ -1,8 +1,8 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
-import { InvalidArgumentsException } from "@adonisjs/core/exceptions";
+import { t as stubsRoot } from "./main-kn40V-hF.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
+import { InvalidArgumentsException, RuntimeException } from "@adonisjs/core/exceptions";
 import { configProvider } from "@adonisjs/core";
 import string from "@adonisjs/core/helpers/string";
-const stubsRoot = import.meta.dirname;
 async function configure(command) {
 	const codemods = await command.createCodemods();
 	await codemods.makeUsingStub(stubsRoot, "config/session.stub", {});
@@ -14,10 +14,12 @@ async function configure(command) {
 	await codemods.registerMiddleware("router", [{ path: "@adonisjs/session/session_middleware" }]);
 	await codemods.updateRcFile((rcFile) => {
 		rcFile.addProvider("@adonisjs/session/session_provider");
+		rcFile.addCommand("@adonisjs/session/commands");
 	});
 }
 var MemoryStore = class MemoryStore {
 	static sessions = /* @__PURE__ */ new Map();
+	static tags = /* @__PURE__ */ new Map();
 	read(sessionId) {
 		return MemoryStore.sessions.get(sessionId) || null;
 	}
@@ -26,8 +28,24 @@ var MemoryStore = class MemoryStore {
 	}
 	destroy(sessionId) {
 		MemoryStore.sessions.delete(sessionId);
+		MemoryStore.tags.delete(sessionId);
 	}
 	touch(_) {}
+	tag(sessionId, userId) {
+		MemoryStore.tags.set(sessionId, userId);
+	}
+	tagged(userId) {
+		const sessions = [];
+		for (const [sessionId, tagUserId] of MemoryStore.tags) {
+			if (tagUserId !== userId) continue;
+			const data = MemoryStore.sessions.get(sessionId);
+			if (data) sessions.push({
+				id: sessionId,
+				data
+			});
+		}
+		return sessions;
+	}
 };
 function defineConfig(config) {
 	debug_default("processing session config %O", config);
@@ -67,7 +85,7 @@ function defineConfig(config) {
 const stores = {
 	file: (config) => {
 		return configProvider.create(async () => {
-			const { FileStore } = await import("./file-CNxCs957.js");
+			const { FileStore } = await import("./file-BBU02j4z.js");
 			return (_, sessionConfig) => {
 				return new FileStore(config, sessionConfig.age);
 			};
@@ -75,7 +93,7 @@ const stores = {
 	},
 	redis: (config) => {
 		return configProvider.create(async (app) => {
-			const { RedisStore } = await import("./redis-Bcjum7z7.js");
+			const { RedisStore } = await import("./redis-D8D9UtiD.js");
 			const redis = await app.container.make("redis");
 			return (_, sessionConfig) => {
 				return new RedisStore(redis.connection(config.connection), sessionConfig.age);
@@ -84,7 +102,7 @@ const stores = {
 	},
 	cookie: () => {
 		return configProvider.create(async () => {
-			const { CookieStore } = await import("./cookie-aLBno-zS.js");
+			const { CookieStore } = await import("./cookie--JOJxrtW.js");
 			return (ctx, sessionConfig) => {
 				return new CookieStore(sessionConfig.cookie, ctx);
 			};
@@ -92,7 +110,7 @@ const stores = {
 	},
 	dynamodb: (config) => {
 		return configProvider.create(async () => {
-			const { DynamoDBStore } = await import("./dynamodb-CU8BrQfU.js");
+			const { DynamoDBStore } = await import("./dynamodb-BFVgTQSf.js");
 			const { DynamoDBClient } = await import("@aws-sdk/client-dynamodb");
 			const client = "clientConfig" in config ? new DynamoDBClient(config.clientConfig) : config.client;
 			return (_, sessionConfig) => {
@@ -102,6 +120,20 @@ const stores = {
 				});
 			};
 		});
+	},
+	database: (config) => {
+		return configProvider.create(async (app) => {
+			const { DatabaseStore } = await import("./database-vbrhCOPd.js");
+			const db = await app.container.make("lucid.db");
+			const connectionName = config?.connectionName || db.primaryConnectionName;
+			if (!db.manager.has(connectionName)) throw new RuntimeException(`Invalid database connection "${connectionName}" referenced in session config`);
+			return (_, sessionConfig) => {
+				return new DatabaseStore(db.connection(connectionName), sessionConfig.age, {
+					tableName: config?.tableName,
+					gcProbability: config?.gcProbability
+				});
+			};
+		});
 	}
 };
-export { stubsRoot as i, stores as n, configure as r, defineConfig as t };
+export { stores as n, configure as r, defineConfig as t };

package/build/session_collection-CvS5yIq6.js

@@ -0,0 +1,31 @@
+import { n as E_SESSION_TAGGING_NOT_SUPPORTED } from "./session-C9DdRahS.js";
+import { t as debug_default } from "./debug-BZVg83L1.js";
+var SessionCollection = class {
+	#store;
+	constructor(config) {
+		const storeFactory = config.stores[config.store];
+		this.#store = storeFactory(null, config);
+	}
+	supportsTagging() {
+		return "tag" in this.#store && "tagged" in this.#store;
+	}
+	async get(sessionId) {
+		debug_default("session collection: getting session data %s", sessionId);
+		return this.#store.read(sessionId);
+	}
+	async destroy(sessionId) {
+		debug_default("session collection: destroying session %s", sessionId);
+		return this.#store.destroy(sessionId);
+	}
+	async tag(sessionId, userId) {
+		debug_default("session collection: tagging session %s with user %s", sessionId, userId);
+		if (!this.supportsTagging()) throw new E_SESSION_TAGGING_NOT_SUPPORTED();
+		return this.#store.tag(sessionId, userId);
+	}
+	async tagged(userId) {
+		debug_default("session collection: getting sessions tagged with user %s", userId);
+		if (!this.supportsTagging()) throw new E_SESSION_TAGGING_NOT_SUPPORTED();
+		return this.#store.tagged(userId);
+	}
+};
+export { SessionCollection as t };

package/build/{session_middleware-CS0R7hmq.js → session_middleware-gegOBxmm.js}

@@ -1,4 +1,4 @@
-import { t as Session } from "./session-CBqhcnvJ.js";
+import { t as Session } from "./session-C9DdRahS.js";
 import { ExceptionHandler } from "@adonisjs/core/http";
 const originalErrorHandler = ExceptionHandler.prototype.renderValidationErrorAsHTML;
 ExceptionHandler.macro("renderValidationErrorAsHTML", async function(error, ctx) {

package/build/src/client.js

@@ -1,5 +1,5 @@
-import { t as debug_default } from "../debug-Ba-0Cgn9.js";
-import { n as ValuesStore } from "../values_store-smX0sQBJ.js";
+import { t as debug_default } from "../debug-BZVg83L1.js";
+import { n as ValuesStore } from "../values_store-CvR1Sn37.js";
 import { randomUUID } from "node:crypto";
 var SessionClient = class {
 	#valuesStore = new ValuesStore({});

package/build/src/define_config.d.ts

@@ -1,6 +1,6 @@
 import type { ConfigProvider } from '@adonisjs/core/types';
 import type { CookieOptions } from '@adonisjs/core/types/http';
-import type { SessionConfig, FileStoreConfig, RedisStoreConfig, SessionStoreFactory, DynamoDBStoreConfig } from './types.ts';
+import type { SessionConfig, FileStoreConfig, RedisStoreConfig, SessionStoreFactory, DynamoDBStoreConfig, DatabaseStoreConfig } from './types.ts';
 type ConfigInput<KnownStores extends Record<string, SessionStoreFactory | ConfigProvider<SessionStoreFactory>>> = Partial<SessionConfig> & {
     store: keyof KnownStores | 'memory';
     stores: KnownStores;
@@ -66,5 +66,6 @@ export declare const stores: {
     redis: (config: RedisStoreConfig) => ConfigProvider<SessionStoreFactory>;
     cookie: () => ConfigProvider<SessionStoreFactory>;
     dynamodb: (config: DynamoDBStoreConfig) => ConfigProvider<SessionStoreFactory>;
+    database: (config?: DatabaseStoreConfig) => ConfigProvider<SessionStoreFactory>;
 };
 export {};

package/build/src/errors.d.ts

@@ -22,3 +22,12 @@ export declare const E_SESSION_NOT_MUTABLE: new (args?: any, options?: ErrorOpti
  * session.put('key', 'value') // Works fine
  */
 export declare const E_SESSION_NOT_READY: new (args?: any, options?: ErrorOptions) => import("@adonisjs/core/exceptions").Exception;
+/**
+ * Error thrown when attempting to use tagging features with a store that doesn't support it.
+ * Only Memory, Redis, and Database stores support session tagging.
+ *
+ * @example
+ * // This will throw E_SESSION_TAGGING_NOT_SUPPORTED when using cookie store
+ * const sessions = await sessionCollection.tagged(userId)
+ */
+export declare const E_SESSION_TAGGING_NOT_SUPPORTED: new (args?: any, options?: ErrorOptions) => import("@adonisjs/core/exceptions").Exception;

package/build/src/plugins/edge.js

@@ -1,4 +1,4 @@
-import { t as debug_default } from "../../debug-Ba-0Cgn9.js";
+import { t as debug_default } from "../../debug-BZVg83L1.js";
 const edgePluginSession = (edge) => {
 	debug_default("registering session tags with edge");
 	edge.registerTag({

package/build/src/plugins/japa/api_client.js

@@ -1,5 +1,5 @@
-import "../../../debug-Ba-0Cgn9.js";
-import "../../../values_store-smX0sQBJ.js";
+import "../../../debug-BZVg83L1.js";
+import "../../../values_store-CvR1Sn37.js";
 import { SessionClient } from "../../client.js";
 import { RuntimeException } from "@adonisjs/core/exceptions";
 import lodash from "@poppinss/utils/lodash";

package/build/src/plugins/japa/browser_client.js

@@ -1,5 +1,5 @@
-import "../../../debug-Ba-0Cgn9.js";
-import "../../../values_store-smX0sQBJ.js";
+import "../../../debug-BZVg83L1.js";
+import "../../../values_store-CvR1Sn37.js";
 import { SessionClient } from "../../client.js";
 import { RuntimeException } from "@adonisjs/core/exceptions";
 import { configProvider } from "@adonisjs/core";

package/build/src/session.d.ts

@@ -266,6 +266,18 @@ export declare class Session extends Macroable {
      * session.reflashExcept(['error', 'warning'])
      */
     reflashExcept(keys: string[]): void;
+    /**
+     * Tag the current session with a user ID.
+     * Only supported by Memory, Redis, and Database stores.
+     * This enables features like "logout from all devices".
+     *
+     * @param userId - The user ID to tag this session with
+     *
+     * @example
+     * // During login, tag the session with the user's ID
+     * await session.tag(String(user.id))
+     */
+    tag(userId: string): Promise<void>;
     /**
      * Re-generates the session id and migrates data to it
      *

package/build/src/session_collection.d.ts

@@ -0,0 +1,81 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import type { ResolvedSessionConfig, SessionData, TaggedSession } from './types.ts';
+/**
+ * SessionCollection provides APIs for programmatic session
+ * management. It allows reading, destroying, and tagging
+ * sessions without an HTTP context.
+ *
+ * @example
+ * ```ts
+ * import app from '@adonisjs/core/services/app'
+ * import { SessionCollection } from '@adonisjs/session'
+ *
+ * const sessionCollection = await app.container.make(SessionCollection)
+ *
+ * // List all sessions for a user
+ * const sessions = await sessionCollection.tagged(String(user.id))
+ *
+ * // Destroy a specific session
+ * await sessionCollection.destroy(sessionId)
+ * ```
+ */
+export declare class SessionCollection {
+    #private;
+    /**
+     * Creates a new SessionCollection instance
+     *
+     * @param config - Resolved session configuration
+     */
+    constructor(config: ResolvedSessionConfig);
+    /**
+     * Check if the current store supports tagging
+     */
+    supportsTagging(): boolean;
+    /**
+     * Returns the session data for the given session ID,
+     * or null if the session does not exist
+     *
+     * @param sessionId - Session identifier
+     *
+     * @example
+     * const data = await sessionCollection.get('sess_abc123')
+     */
+    get(sessionId: string): Promise<SessionData | null>;
+    /**
+     * Destroys a session by its ID
+     *
+     * @param sessionId - Session identifier
+     *
+     * @example
+     * await sessionCollection.destroy('sess_abc123')
+     */
+    destroy(sessionId: string): Promise<void>;
+    /**
+     * Tag a session with a user ID.
+     * Only supported by Memory, Redis and Database stores.
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier to tag the session with
+     *
+     * @example
+     * await sessionCollection.tag('sess_abc123', 'user_456')
+     */
+    tag(sessionId: string, userId: string): Promise<void>;
+    /**
+     * Get all sessions for a given user ID (tag).
+     * Only supported by Memory, Redis and Database stores.
+     *
+     * @param userId - User identifier to get sessions for
+     *
+     * @example
+     * const sessions = await sessionCollection.tagged('user_456')
+     */
+    tagged(userId: string): Promise<TaggedSession[]>;
+}

package/build/src/session_middleware.js

@@ -1,5 +1,5 @@
-import "../session-CBqhcnvJ.js";
-import "../debug-Ba-0Cgn9.js";
-import "../values_store-smX0sQBJ.js";
-import { t as SessionMiddleware } from "../session_middleware-CS0R7hmq.js";
+import "../session-C9DdRahS.js";
+import "../debug-BZVg83L1.js";
+import "../values_store-CvR1Sn37.js";
+import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
 export { SessionMiddleware as default };

package/build/src/stores/database.d.ts

@@ -0,0 +1,70 @@
+/**
+ * @adonisjs/session
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import type { QueryClientContract } from '@adonisjs/lucid/types/database';
+import type { SessionStoreWithTaggingContract, SessionData, TaggedSession } from '../types.ts';
+/**
+ * Database store to read/write session to SQL databases using Lucid
+ */
+export declare class DatabaseStore implements SessionStoreWithTaggingContract {
+    #private;
+    constructor(client: QueryClientContract, age: string | number, options?: {
+        /**
+         * Defaults to "sessions"
+         */
+        tableName?: string;
+        /**
+         * The probability (in percent) that garbage collection will be
+         * triggered on any given request. For example, 2 means 2% chance.
+         *
+         * Set to 0 to disable garbage collection.
+         *
+         * Defaults to 2 (2% chance)
+         */
+        gcProbability?: number;
+    });
+    /**
+     * Returns session data
+     *
+     * @param sessionId - Session identifier
+     */
+    read(sessionId: string): Promise<SessionData | null>;
+    /**
+     * Write session values to the database
+     *
+     * @param sessionId - Session identifier
+     * @param values - Session data to store
+     */
+    write(sessionId: string, values: Object): Promise<void>;
+    /**
+     * Cleanup session by removing it
+     *
+     * @param sessionId - Session identifier
+     */
+    destroy(sessionId: string): Promise<void>;
+    /**
+     * Updates the session expiry
+     *
+     * @param sessionId - Session identifier
+     */
+    touch(sessionId: string): Promise<void>;
+    /**
+     * Tag a session with a user ID.
+     * Uses UPSERT to handle both existing and new sessions.
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier to tag the session with
+     */
+    tag(sessionId: string, userId: string): Promise<void>;
+    /**
+     * Get all sessions for a given user ID (tag)
+     *
+     * @param userId - User identifier to get sessions for
+     */
+    tagged(userId: string): Promise<TaggedSession[]>;
+}

package/build/src/stores/memory.d.ts

@@ -6,7 +6,7 @@
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
  */
-import type { SessionData, SessionStoreContract } from '../types.ts';
+import type { SessionData, SessionStoreWithTaggingContract, TaggedSession } from '../types.ts';
 /**
  * Memory store is meant to be used for writing tests.
  * All session data is stored in memory and will be lost when the process restarts.
@@ -15,11 +15,15 @@ import type { SessionData, SessionStoreContract } from '../types.ts';
  * const memoryStore = new MemoryStore()
  * memoryStore.write('sess_abc123', { userId: 123 })
  */
-export declare class MemoryStore implements SessionStoreContract {
+export declare class MemoryStore implements SessionStoreWithTaggingContract {
     /**
      * Static map to store all session data in memory
      */
     static sessions: Map<string, SessionData>;
+    /**
+     * Static map to store session tags (sessionId -> userId)
+     */
+    static tags: Map<string, string>;
     /**
      * Reads session value from memory
      *
@@ -54,4 +58,17 @@ export declare class MemoryStore implements SessionStoreContract {
      * @param sessionId - Session identifier (unused)
      */
     touch(_?: string): void;
+    /**
+     * Tag a session with a user ID
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier to tag the session with
+     */
+    tag(sessionId: string, userId: string): void;
+    /**
+     * Get all sessions for a given user ID (tag)
+     *
+     * @param userId - User identifier to get sessions for
+     */
+    tagged(userId: string): TaggedSession[];
 }

package/build/src/stores/redis.d.ts

@@ -7,7 +7,7 @@
  * file that was distributed with this source code.
  */
 import type { Connection } from '@adonisjs/redis/types';
-import type { SessionStoreContract, SessionData } from '../types.ts';
+import type { SessionData, TaggedSession, SessionStoreWithTaggingContract } from '../types.ts';
 /**
  * Redis store to read/write session data to Redis server.
  * Provides fast, scalable session storage with automatic expiry.
@@ -15,7 +15,7 @@ import type { SessionStoreContract, SessionData } from '../types.ts';
  * @example
  * const redisStore = new RedisStore(redisConnection, '2 hours')
  */
-export declare class RedisStore implements SessionStoreContract {
+export declare class RedisStore implements SessionStoreWithTaggingContract {
     #private;
     /**
      * Creates a new Redis store instance
@@ -61,4 +61,17 @@ export declare class RedisStore implements SessionStoreContract {
      * await store.touch('sess_abc123')
      */
     touch(sessionId: string): Promise<void>;
+    /**
+     * Tag a session with a user ID
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier to tag the session with
+     */
+    tag(sessionId: string, userId: string): Promise<void>;
+    /**
+     * Get all sessions for a given user ID (tag)
+     *
+     * @param userId - User identifier to get sessions for
+     */
+    tagged(userId: string): Promise<TaggedSession[]>;
 }

package/build/src/types.d.ts

@@ -210,3 +210,64 @@ export type DynamoDBStoreConfig = ({
  * }
  */
 export type SessionStoreFactory = (ctx: HttpContext, sessionConfig: SessionConfig) => SessionStoreContract;
+/**
+ * Extended session store contract that supports tagging sessions with user IDs.
+ * This enables querying all sessions for a specific user, useful for features
+ * like "logout from all devices" or "view active sessions".
+ *
+ * @example
+ * class MyStore implements SessionStoreWithTaggingContract {
+ *   // ... base SessionStoreContract methods ...
+ *
+ *   async tag(sessionId: string, userId: string) {
+ *     await this.storage.tag(sessionId, userId)
+ *   }
+ *
+ *   async tagged(userId: string) {
+ *     return await this.storage.getSessionsByUser(userId)
+ *   }
+ * }
+ */
+export interface SessionStoreWithTaggingContract extends SessionStoreContract {
+    /**
+     * Associates a session with a user ID (tag).
+     * This allows querying all sessions for a specific user.
+     */
+    tag(sessionId: string, userId: string): Promise<void> | void;
+    /**
+     * Returns all sessions associated with a given user ID (tag).
+     * Only returns non-expired sessions.
+     */
+    tagged(userId: string): Promise<TaggedSession[]> | TaggedSession[];
+}
+/**
+ * Represents a tagged session with its ID and data
+ */
+export interface TaggedSession {
+    id: string;
+    data: SessionData;
+}
+/**
+ * Configuration used by the database store.
+ */
+export interface DatabaseStoreConfig {
+    connectionName?: string;
+    tableName?: string;
+    /**
+     * The probability (in percent) that garbage collection of expired
+     * sessions will be triggered on any given request.
+     *
+     * For example, 2 means 2% chance.
+     * Set to 0 to disable garbage collection.
+     *
+     * Defaults to 2 (2% chance)
+     */
+    gcProbability?: number;
+}
+/**
+ * Resolved session config after processing by defineConfig
+ */
+export interface ResolvedSessionConfig extends SessionConfig {
+    store: string;
+    stores: Record<string, SessionStoreFactory>;
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@adonisjs/session",
   "description": "Session provider for AdonisJS",
-  "version": "8.0.0-next.1",
+  "version": "8.0.0-next.2",
   "engines": {
     "node": ">=24.0.0"
   },
@@ -22,7 +22,8 @@
     "./plugins/api_client": "./build/src/plugins/japa/api_client.js",
     "./plugins/browser_client": "./build/src/plugins/japa/browser_client.js",
     "./client": "./build/src/client.js",
-    "./types": "./build/src/types.js"
+    "./types": "./build/src/types.js",
+    "./commands": "./build/commands/main.js"
   },
   "scripts": {
     "pretest": "npm run lint",
@@ -33,7 +34,8 @@
     "copy:templates": "copyfiles \"stubs/**/*.stub\" --up=\"1\" build",
     "precompile": "npm run lint",
     "compile": "tsdown && tsc --emitDeclarationOnly --declaration",
-    "postcompile": "npm run copy:templates",
+    "postcompile": "npm run copy:templates && npm run index:commands",
+    "index:commands": "adonis-kit index build/commands",
     "build": "npm run compile",
     "docs": "typedoc",
     "version": "npm run build",
@@ -46,6 +48,7 @@
     "@adonisjs/core": "^7.0.0-next.16",
     "@adonisjs/eslint-config": "^3.0.0-next.5",
     "@adonisjs/i18n": "^3.0.0-next.2",
+    "@adonisjs/lucid": "^22.0.0-next.0",
     "@adonisjs/prettier-config": "^1.4.5",
     "@adonisjs/redis": "^10.0.0-next.2",
     "@adonisjs/tsconfig": "^2.0.0-next.3",
@@ -66,6 +69,9 @@
     "@vinejs/vine": "^4.2.0",
     "c8": "^10.1.3",
     "copyfiles": "^2.4.1",
+    "better-sqlite3": "^12.5.0",
+    "mysql2": "^3.15.3",
+    "pg": "^8.16.3",
     "cross-env": "^10.1.0",
     "edge.js": "^6.4.0",
     "eslint": "^9.39.2",
@@ -86,6 +92,7 @@
   "peerDependencies": {
     "@adonisjs/assembler": "^8.0.0-next.26",
     "@adonisjs/core": "^7.0.0-next.16",
+    "@adonisjs/lucid": "^22.0.0-next.0",
     "@adonisjs/redis": "^10.0.0-next.2",
     "@aws-sdk/client-dynamodb": "^3.955.0",
     "@aws-sdk/util-dynamodb": "^3.955.0",
@@ -98,6 +105,9 @@
     "@adonisjs/assembler": {
       "optional": true
     },
+    "@adonisjs/lucid": {
+      "optional": true
+    },
     "@adonisjs/redis": {
       "optional": true
     },
@@ -121,6 +131,9 @@
     }
   },
   "author": "virk,adonisjs",
+  "contributors": [
+    "Julien Ripouteau <julien@ripouteau.com>"
+  ],
   "license": "MIT",
   "homepage": "https://github.com/adonisjs/session#readme",
   "repository": {
@@ -148,7 +161,8 @@
       "./src/plugins/edge.ts",
       "./src/plugins/japa/api_client.ts",
       "./src/plugins/japa/browser_client.ts",
-      "./src/client.ts"
+      "./src/client.ts",
+      "./commands/make_session_table.ts"
     ],
     "outDir": "./build",
     "clean": true,

package/build/redis-Bcjum7z7.js

@@ -1,36 +0,0 @@
-import { t as debug_default } from "./debug-Ba-0Cgn9.js";
-import string from "@adonisjs/core/helpers/string";
-import { MessageBuilder } from "@adonisjs/core/helpers";
-var RedisStore = class {
-	#connection;
-	#ttlSeconds;
-	constructor(connection, age) {
-		this.#connection = connection;
-		this.#ttlSeconds = string.seconds.parse(age);
-		debug_default("initiating redis store");
-	}
-	async read(sessionId) {
-		debug_default("redis store: reading session data %s", sessionId);
-		const contents = await this.#connection.get(sessionId);
-		if (!contents) return null;
-		try {
-			return new MessageBuilder().verify(contents, sessionId);
-		} catch {
-			return null;
-		}
-	}
-	async write(sessionId, values) {
-		debug_default("redis store: writing session data %s, %O", sessionId, values);
-		const message = new MessageBuilder().build(values, void 0, sessionId);
-		await this.#connection.setex(sessionId, this.#ttlSeconds, message);
-	}
-	async destroy(sessionId) {
-		debug_default("redis store: destroying session data %s", sessionId);
-		await this.#connection.del(sessionId);
-	}
-	async touch(sessionId) {
-		debug_default("redis store: touching session data %s", sessionId);
-		await this.#connection.expire(sessionId, this.#ttlSeconds);
-	}
-};
-export { RedisStore };